Windows Architecture - Registry 101

Let's get started by explaining what exactly the registry is.  The registry is a hierarchical database that contains the value of variables in Windows and in the applications and services that run on Windows.  During the setup of the Operating System, the Registry is built from template files.  The Operating System and application programs store the following system configuration and user data in the registry:

  • Profiles for each user
  • Installed applications and the file extensions associated with each application
  • Property settings for folders and program icons
  • System Hardware
  • Ports used for I/O Communications

OK, now that you know what it is - let's talk terminology.  The diagram below shows you the key areas & terms used when talking about the registry.

A registry hive is a set of discrete files.  Each hive contains a key that serves as the root of the tree.  The pathnames of all the hives, with the exception of user profiles, are coded into the configuration manager.  OK - so we know that we're dealing with files - where are they located?  Below is a list of hive registry paths and their corresponding file locations:

  • HKEY_LOCAL_MACHINE\SYSTEM: %SystemRoot%\system32\config\SYSTEM
  • HKEY_LOCAL_MACHINE\SAM: %SystemRoot%\system32\config\SAM
  • HKEY_LOCAL_MACHINE\SECURITY: %SystemRoot%\system32\config\SECURITY
  • HKEY_LOCAL_MACHINE\SOFTWARE: %SystemRoot%\system32\config\SOFTWARE
  • HKEY_LOCAL_MACHINE\HARDWARE: Volatile hive
  • HKEY_LOCAL_MACHINE\SYSTEM\Clone: Volatile hive
  • HKEY_USERS\UserProfile: <profiles folder>\NTUSER.DAT
  • HKEY_USERS\.DEFAULT: %SystemRoot%\system32\config\DEFAULT
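
To check this mapping on a live system, the added example below (not part of the original post) reads the `HKLM\SYSTEM\CurrentControlSet\Control\hivelist` key, where Windows records each loaded hive and the file that backs it. That key is not mentioned in the post; the output column names are chosen here for illustration.

```powershell
# Added example: list every loaded hive and its backing file.
# Value names under hivelist are kernel paths (\REGISTRY\MACHINE\..., \REGISTRY\USER\...);
# value data is the NT device path of the hive file, or empty for a volatile hive.
$hiveListPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\hivelist'
$key = Get-Item -Path $hiveListPath

$key.GetValueNames() | Sort-Object | ForEach-Object {
    $kernelPath = $_
    $backing    = [string]$key.GetValue($kernelPath)

    # Translate the kernel-mode root into the familiar HKEY_* name.
    $friendly = $kernelPath `
        -replace '^\\REGISTRY\\MACHINE', 'HKEY_LOCAL_MACHINE' `
        -replace '^\\REGISTRY\\USER',    'HKEY_USERS'

    [pscustomobject]@{
        Hive        = $friendly
        Volatile    = [string]::IsNullOrEmpty($backing)
        BackingFile = if ([string]::IsNullOrEmpty($backing)) {
                          '(none - built in memory at boot)'
                      } else {
                          $backing
                      }
    }
} | Format-Table -AutoSize
```

Hives reported as volatile (such as `HKEY_LOCAL_MACHINE\HARDWARE`) have no file to collect, while the file-backed ones are the artifacts to acquire for offline analysis.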
